Hi Marco,
> After nearly 2 months it happened again:
>
> ts-20.96.144.0{126302}: INSTALLED, TUNNEL, reqid 244, ESP SPIs: cd63dff4_i
> 5215984b_o
> ts-20.96.144.0{126302}: AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 2988620
> bytes_i (6591 pkts, 314s ago), 2048852 bytes_o, rekeying in 5 hours
>
Hi Tobias,
> Hi Marco,
>
> > Kindly I would like to ask if there is any known reason
> > why ipsec statusall sometimes doesn't print the number
> > of packets for the child_sa.
>
> The number of packets is printed if a last use time can be determined
> via the respective policy. Check the log
> > is it enough knl = 3?
>
> Set it to 2, with 3 your log will only fill up with binary dumps of
> kernel messages.
You can also use the log settings at [1] so we see a bit more about
what's going on.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
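
A check for the symptom discussed in this thread, as an added example (not code from the thread or from strongSwan): it scans `ipsec statusall` text for child SAs that report a non-zero byte counter without a packet count, following the line format quoted above. The function name, SA names and sample output are constructed for illustration.

```python
import re

# Usage line of a child SA, in the format quoted in this thread:
#   name{id}:  PROPOSAL, N bytes_i (P pkts, Ts ago), M bytes_o (...), rekeying in ...
SA_LINE = re.compile(r"^\s*(?P<name>[^\s{]+)\{(?P<id>\d+)\}:\s+.*\bbytes_[io]\b")
COUNTER = re.compile(
    r"(?P<bytes>\d+) bytes_(?P<dir>[io])"
    r"(?: \((?P<pkts>\d+) pkts, (?P<age>\d+)s ago\))?"
)

def missing_packet_counts(statusall_text):
    """Return [(child_sa, direction)] for counters that show bytes but
    no "(N pkts, Ns ago)" part, i.e. no last use time was reported."""
    findings = []
    for line in statusall_text.splitlines():
        m = SA_LINE.match(line)
        if not m:
            continue  # state line, traffic selector line, IKE SA line, ...
        sa = f"{m['name']}{{{m['id']}}}"
        for c in COUNTER.finditer(line):
            # Assumption: a counter of 0 bytes belongs to an SA that has not
            # been used yet, so a missing packet count is only flagged when
            # bytes were already counted.
            if int(c["bytes"]) > 0 and c["pkts"] is None:
                findings.append((sa, "in" if c["dir"] == "i" else "out"))
    return findings

# Constructed sample modelled on the output quoted in this thread.
SAMPLE = """\
ts-a{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0000001_i c0000002_o
ts-a{1}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 2988620 bytes_i (6591 pkts, 314s ago), 2048852 bytes_o, rekeying in 5 hours
ts-b{2}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 1000 bytes_i (10 pkts, 2s ago), 2000 bytes_o (20 pkts, 2s ago), rekeying in 5 hours
ts-c{3}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
"""

if __name__ == "__main__":
    for sa, direction in missing_packet_counts(SAMPLE):
        print(f"{sa}: bytes counted {direction}bound but no packet count / last use time")
```

A finding is a prompt to look at the log for errors around that child SA's policy, as suggested in the thread, not proof of a fault on its own.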
Hi Marco,
> thanks for the explanation. Indeed that policy was problematic:
> packets were going out, but not vice versa.
Sounds strange, policies should not just disappear.
> is it enough knl = 3 ?
Set it to 2, with 3 your log will only fill up with binary dumps of
kernel messages.
Regards,
Hi Tobias,
> The number of packets is printed if a last use time can be determined
> via the respective policy.
thanks for the explanation. Indeed that policy was problematic:
packets were going out, but not vice versa.
After an "ipsec down child_sa" and "ipsec up child_sa" traffic
was full
Hi Marco,
> Kindly I would like to ask if there is any known reason
> why ipsec statusall sometimes doesn't print the number
> of packets for the child_sa.
The number of packets is printed if a last use time can be determined
via the respective policy. Check the log for errors regarding querying
Hello everyone,
Kindly I would like to ask if there is any known reason
why ipsec statusall sometimes doesn't print the number
of packets for the child_sa. Here is an example for the
bytes_i:
ts-net{453}: AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 1467110312 bytes_i,
3075678241 bytes_o (2443951